Subject: Re: 1024 bit key considered insecure (sshd)
To: None <tech-security@netbsd.org, misc@openbsd.org>
From: Paul Hoffman <phoffman@proper.com>
List: tech-security
Date: 08/28/2002 19:09:36
At 9:07 PM +0100 8/28/02, Stefan Krüger wrote:
>Hi folks,
>
>I've just read:
>
>http://www.counterpane.com/crypto-gram-0204.html#3 and
>http://online.securityfocus.com/archive/1/263924

Apparently not closely enough. In the first link, the sentence "I 
have long believed that a 1024-bit key could fall to a machine 
costing $1 billion" should give you an indication of the strength of 
the default key size. If you have adversaries who want to spend $1 
billion to break your key, you probably have spent the time to do a 
security analysis of your machine and have already changed your keys 
to something longer. "Businesses today could reasonably be content 
with their 1024-bit keys" means just that.

As others have pointed out, you can always create longer keys if you 
want. We are talking about the *default* key size, not the maximum.

>and maybe we should update our rc scripts,
>so that ssh-keygen generates at least 1280-bit keys

This assumes the value to 99% of systems using NetBSD or OpenBSD 
would be greater than the cost. That hasn't been shown yet.
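Whichever default is chosen, the practical follow-up to the proposal above is to audit the host and user keys a system already has against the chosen minimum. The following is an added example, not code from this thread or from either project's rc scripts: it parses OpenSSH `ssh-rsa` public-key lines (the RFC 4253 wire format: a type string, then the mpints e and n) and reports every key whose modulus is shorter than a policy threshold, using 1280 bits as suggested in the quoted mail. It is written in Python rather than as an rc script so it runs without `ssh-keygen` present; on a real system `ssh-keygen -l -f <file>` reports the same size. The sample key lines are constructed from synthetic moduli of a chosen bit length and are not real keys.

```python
import base64
import struct


def _mpint(n: int) -> bytes:
    """Encode an integer as an SSH mpint (RFC 4251): 4-byte big-endian length,
    then the magnitude, with a leading 0x00 if the high bit would be set."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if b and b[0] & 0x80:
        b = b"\x00" + b
    return struct.pack(">I", len(b)) + b


def _sshstr(s: bytes) -> bytes:
    """Encode a length-prefixed SSH string."""
    return struct.pack(">I", len(s)) + s


def make_rsa_pubkey_line(bits: int, comment: str) -> str:
    """Build an 'ssh-rsa AAAA... comment' line around a synthetic modulus of
    exactly `bits` bits. Constructed test data only, not a usable key."""
    n = (1 << (bits - 1)) | 1          # top and bottom bit set: exact length
    e = 65537
    blob = _sshstr(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


def _read_field(blob: bytes, off: int):
    """Read one length-prefixed field at offset `off`; raise ValueError if
    the blob is truncated rather than silently returning a short slice."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    off += 4
    if off + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[off:off + length], off + length


def rsa_modulus_bits(line: str) -> int:
    """Return the modulus size in bits of an OpenSSH ssh-rsa public key line.
    Raises ValueError for other key types or malformed input."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1])   # binascii.Error is a ValueError
    keytype, off = _read_field(blob, 0)
    if keytype != b"ssh-rsa":
        raise ValueError("blob type does not match line type")
    _e, off = _read_field(blob, off)     # public exponent, not needed here
    n_bytes, _ = _read_field(blob, off)
    return int.from_bytes(n_bytes, "big").bit_length()


def keys_below(lines, min_bits: int):
    """Return (comment, bits) for every ssh-rsa line whose modulus is shorter
    than min_bits. Blank lines, comments, non-RSA and malformed lines are
    skipped so one bad entry does not abort the audit."""
    weak = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            bits = rsa_modulus_bits(line)
        except ValueError:
            continue
        if bits < min_bits:
            fields = line.split(None, 2)
            comment = fields[2] if len(fields) > 2 else ""
            weak.append((comment, bits))
    return weak


# Constructed sample input standing in for ssh_host_rsa_key.pub or an
# authorized_keys file; the moduli are synthetic, not real keys.
SAMPLE_KEYS = [
    make_rsa_pubkey_line(1024, "host-a (constructed)"),
    make_rsa_pubkey_line(2048, "host-b (constructed)"),
    "ssh-dss AAAAB3NzaC1kc3MA not-an-rsa-key (constructed)",
]

if __name__ == "__main__":
    for comment, bits in keys_below(SAMPLE_KEYS, 1280):
        print(f"{comment}: {bits}-bit RSA modulus is below the 1280-bit policy")
```

The audit deliberately reports the modulus length rather than trusting the key's comment or filename, since a 1024-bit key is only identifiable by its actual parameters. A `ssh-keygen -b <bits>` call in the rc script is the other half of the change; this example only finds the keys that would need regenerating.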